Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'System Manager' = '<SYSTEM32>.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\Service Manager.exe
- '<SYSTEM32>.exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\anyonedwnk[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\conf[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ini[1].php
- <SYSTEM32>.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\conf[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\ini[1].php
- 'wh##.amung.us':80
- 'an##oder.ml':80
- http://wh##.amung.us/swidget/anyonedwnk
- http://an##oder.ml/read/ini.php
- http://an##oder.ml/read/conf.php
- DNS ASK wh##.amung.us
- DNS ASK an##oder.ml